INSKEEP: One last thing, coming back to this San Bernardino case, we don't know what's in that iPhone. We don't even know if it's important. But let's spin out the worst case scenario as a prosecutor might. Suppose your side wins, that phone is never opened, and as a result, the government misses a chance to find some other suspect and disrupt some attack. The attack goes forward, and people are killed. Will that have been worth it in order to protect encryption?Surman, probably flabbergasted that anyone should ask such a question, changed the subject
SURMAN: We need to find ways to really be able to seek communications before they're sent or after they're sent and actually work with law enforcement on doing this well. There are alternative ways to get information, getting access to it before or after it's encrypted. What we want to avoid is creating a precedent where encryption can be broken by an arbitrary third party.But Inskeep kept at it
INSKEEP: So you're saying, in essence, it may well be harder to catch terrorists, but you can still work at it, and the extra difficulty is worth it.Remember, this is cloyingly liberal NPR, not some foaming at the mouth right wing program!
Like Surman, I often am too polite to give the right answer to such shocking questions in real time. But with the benefit of hindsight, here's a better answer
COCHRANE: Well, come to think of it, you're right there Steve. And while you're at it, let's keep going. These pesky first and fourth amendments sure get in the way of law enforcement, don't they? I mean all this business about going out and getting warrants, and waiting for a judge is so time consuming. If a terrorist gets away while you're busy getting a warrant, and people are killed, will that really have been worth it to protect some sort of centuries old procedures? If someone stirs up trouble on a Jihadi website, why do we have to allow that? And this annoying business about grand juries, and presenting evidence, and discovery, and Miranda warnings, it's so burdensome. What if some terrorist gets away and kills someone? The police surely should be allowed to just throw anyone suspicious in jail, to make sure they don't do anything bad. Heck, while you're at it, what's with these prohibitions against torture? Bring back the rack, or start chopping people's fingers off until they talk. If you hold back, and some terrorist kills someone, was your little sense of ethics really worth it?There is a reason we have all these protections. There is a reason we need to defend them even in times of turmoil.
Perhaps a President Hillary Clinton will bring a sympathetic ear to the right to digital privacy. She undoubtedly wishes her email had been bullet-proof encrypted, not just from the FBI and NSA, but from the Chinese and Russian hackers likely reading every line.
Update: I realize from some of the comments that the point may not have been clear. This isn't about the Apple decision. It's moot, really, anyway, as even Apple can't open the new Iphones. And one can make cost/benefit arguments either way. My point was about the argument: We will hear quite often in coming years and decades, the argument that even one terrorist caught is worth sacrificing privacy and civil liberty. Be prepared to answer, to point out there are costs as well as benefits, and to list what they are. And, finally, I sound more critical of Inskeep than I should. In fairness, he does not offer an opinion. He asks a question, one commonly asked, and may well have been floating a t-ball in the hope Surman would smash it out of the park as I attempted to do. Many people will ask that question. It's worth asking, over and over, and rehearsing the answer.
Great answer even if he's right. In reality he isn't right, though. If the government cracks the phone's encryption using Apple signed malware, then this apple signed malware proliferates, how many petty dictators and terrorists around the world will be able kill informants when they crack security on other iPhones? How many billions of dollars will be stolen by hackers who gain access to financial information?
ReplyDelete+1 Many grabs for power begin "If it saves innocent lives, then we must ..."
DeleteThe answer must always be in the form of life vs life. How will the extra power kill people as well as save people.
As long as you're spinning hypotheticals, try this one: A terrorist gets away while the FBI is obtaining a warrant. The terrorist is the trigger man for a cataclysmic event (e.g., the release of a massive electromagnetic pulse that destroys much of America's telecommunications and power grids). The immediate result is the death of tens of thousands of Americans. the long-term result is the impoverishment of most Americans, as the economy is set back to the 1950s, if not to the 1930s. The people of those earlier days had the advantage of knowing how to do things with their hands, which is untrue of most Americans these days. Do you think for a moment that very many Americans would choose poverty over the rights of someone who is almost certainly a terrorist bent on doing them harm? The Constitution is not a suicide pact.
ReplyDeleteThe FBI is almost certain your innocent son is a terrorist. Your son is shot and killed by the FBI. Not very many Americans would care that a terrorist was killed to keep them safe. You might.
DeleteThe Apple case has nothing to do with the 4th Amendment. There's a court order based on probable cause, plus the owner of the phone has consented to the search; that satisfies whatever 4th amendment problems might exist.
ReplyDeleteThe real issue is whether the powers claimed by the Government under the All Writs Act are constitutional. The government is claiming it has the power to force Apple to write software in aid of a criminal investigation - to me that sounds an awful lot like a forced draft into a police force. What constitutional provision gives the government this power? I can't think of any but this is not my speciality. Anyway, that's the question the courts will have to decide if they conclude that the government has satisfied the prerequisites under the All Writs Act for an order of compulsion.
Douglas
DeleteGood answer.
The difference between demanding that Apple hand over something they already have and demanding that they create something completely new.
Question: suppose that the government gets complete technical details on the hardware and software of the telephone under a subpoena issued for one investigation, is the government then free to use that information in other investigations without getting a new warrant?
Bad answer. The owners of all the other iPhones have not consented and it hurts them badly for Apple to comply. The government wants Apple to write a piece of malware, sign it as a legitimate update, and then hope the genie will stay in the bottle.
DeleteNPR knows who its master is, and what its master wants: "Absolute control - Over every living soul"*
ReplyDelete"The Future" by Leonard Ha'Kohen Ha'Navi
Who might that be? If you think it is the government, don't even bother to reply, please, because that would show that you know nothing about NPR.
DeleteMaybe I haven't been paying enough attention. The phone in question belongs to someone who we know committed a serious crime. Law enforcement would like to know the contacts this person made via his phone in order to investigate possible further criminal activities the person may have been involved and with whom. Why can't law enforcement get a warrant to compel Apple to search the phone and turn over the list of contacts made via that phone. Government law enforcement need not be provided with software to unlock the phone. Won't that work? I'm not a lawyer, so those who know the law, please inform me.
ReplyDeleteA policy answer, not a legal answer: Because then the Trump administration can demand that Apple unlock Hilary Clinton's phone, the Hilary Clinton administration can demand that Apple unlock Donald Trump's phone, and the Chinese government can demand that Apple unlock the phone of every dissident in China.
DeleteUnless I'm mistaken, the phone belonged to the San Bernadino Dept of Public health and there is no reason to believe that "it" committed serious crime. However, it was used by someone we know who committed a serious crime and who is now dead. Unlocking the phone will not help convict that person.
DeleteWe do not now know everything the FBI knows; however, it appears that the FBI has no probable cause to believe that anyone else other than the deceased assailants (and the person who bought their weapons) has committed a crime and I think they've already admitted that. It would be somewhat different if the FBI had probable cause to believe that someone who committed a crime and is still available for trial called that phone or was called via that phone.
As it is, this is what in the business is called a "fishing expedition" And, as far as privacy is concerned, Ben, above, gave a very good answer: unlocking that phone is tantamount to unlocking everyone's Apple iPhone. I'm sure the FBI could uncover quite a few crimes (serious and otherwise) if it were given access to the contents of every iPhone in the country whether or not there is probable cause to believe that anyone connected with those phones has committed a crime and that the evidence obtained by a search would possibly assist in convicting that person. But, is that the kind of tradeoff American citizens want?
The drafters of the 4th Amendment were very aware of this tradeoff and they chose to reserve to citizens their privacy against such "fishing expeditions" and protect them against the tyranny that unwarranted invasions of privacy would invite.
I'm certainly not in favor of the FBI having the ability and the right to unlock everyone's phone, nor any one phone at random, without a warrant. That would be scary.
DeleteApple cannot search the phone.
DeleteAs I understand it, the FBI is asking Apple to make it easier for the FBI to use brute force cracking techniques on the phone. And if the owner had a long pass phrase instead of a 4 digit passcode, they might even not be able to do that.
Inskeep's way of framing the question may be unsavory, but the reverse question is routinely framed in similarly silly ways. People who say we don't have to choose between privacy and security don't understand trade-offs. Sure, some privacy can be guaranteed without compromising security, and some security can be guaranteed without compromising privacy, but once we've arrived at the privacy-security frontier, you only increase privacy by reducing security and vice versa. Essentially no one opposes increasing privacy without reducing security, and vice versa--the debate is at the margin.
ReplyDeleteThere is of course room for debate about whether we are in fact at the frontier, but on basically all of the controversial areas there are experts who reasonably disagree about whether measure X which reduces privacy really advances security. That tells me that these things are not easy calls. One hard problem is how much privacy we're willing to trade for how much security, and vice versa. The other hard problem is how much any given proposal actually advances/diminishes privacy and security.
The arguments you raise are great arguments--they're the reason why many experts take the pro-privacy side of many of these debates. But there are counterarguments made by experts on the pro-security side of many debates. Who is right? I don't know, but I think it's a non-trivial issue and if we're going to advance the conversation we need to present the best arguments from all sides, and ultimately we'll have to live with the fact that different people will (reasonably) make different judgment calls.
John, this is not about some high minded political principal but pure economics.
ReplyDeleteApple doesn’t want to lose their monopoly on your data. End of story.
John, this is not about some high minded political principal but pure economics.
ReplyDeleteApple doesn’t want to lose their monopoly on your data. End of story.
For a more technical description of what is at stake.
ReplyDeletehttps://lawfareblog.com/not-slippery-slope-jump-cliff
The link is excellent.
DeleteThat article and the linked technical spec largely miss the point (it is at the very end of the technical spec). This is only feasible for the iPhone 5C and does not involve new software, as the comments above suggest. It is a known bug in the old software that Apple removed. The bug requires the FBI to spoof Apple's remote update feature or for Apple to simply update the phone. Forcing Apple to push out an update to newer iPhones won't work (the Secure Enclave in the technical spec). Perhaps they can compel Samsung, Google, etc., but those companies can just overcome this technical deficiency as well (if it exists). There is no "backdoor" at this stage, although the administration is asking for one. It appears that the concern and comments are accurately addressed at a backdoor, but this lawsuit is not that bogeyman.
Deletehm, I don't believe the Great and Powerful Hillary has enough self awareness to think information security is something people should have.
ReplyDeleteActually, let me correct that: the real people like her, sure they deserve absolute privacy. But the little people? Well, how are their betters supposed to make sure they do the right thing without being able to see every little thing they do.
IMHO, the concerns about privacy are overblown and the San Bernardino case is the wrong test case and the wrong place to try to draw a line. I personally see little social "cost" associated with giving the police the power, with a search warrant, to search encrypted data on cell phones. Fifty years ago no one would have doubted that a search want gave the police the right to break into a locked safe. What "secret" information do you have on your cellphone?
ReplyDeleteA few yeas ago, a young woman, Holly Bobo, was abducted and murdered. A witness said she had seen a video on an Apple phone of the victim being abused by the accused. The authorities have not been able to crack the cell phone. Do I wish there was a backdoor into the phone - you bet I do. Would I support forcing Apple to unlock that phone if they could - you bet I would.
There are much bigger potential threats to privacy. Widespread recording of car license plate numbers or CCTV coupled with facial recognition or the moves to abolish cash for three examples.
Professor,
ReplyDeleteI think from the update you misunderstand the FBI's demand. They are asking Apple to write a piece of malware, digitally sign it, and allow it to be loaded on the target phone as an update. The malware is not itself a back door. The malware will only disable a key feature of the encryption security. That key feature is the destruction of the decription key after 10 incorrect passwords are attempted.
While this would not be a back door, it would be the first step in allowing the FBI to create a back door - and not just for this device. The FBI believes they can brute force the password in a reasonable period of time as long as they get unlimited attempts. For a good understanding of the problem, here is Professor Matthew Green from John Hopkins Department of Cryptography. The security Apple has is only as strong as the passwords chosen. If a pin is used instead of a strong pass phrase, half an hour might be enough.
The arguments for more general, police state authority seem to run around these special case arguments. It's all "What is the phone is never opened, what if then the government misses a chance to find some other suspect and disrupt some attack, what if the attack goes forward, what if thousands of people are killed. Was it worth it?"
ReplyDeleteThat sort of reasoning can be used to justify anything but do we want to justify anything? How about "What if the government suspects your neighbor of having terrorist sentiments, what if at that point the government misses an extra legal chance kill him outright and disrupt some attack, what if the suspected attack happens, what if thousands of people are killed. Was it worth it?"
Those sorts of special case arguments historically lead to shortsighted policies that end up being black marks on the US government's record. I am thinking of things like communist blacklists or Japanese internment during WWII. But I'm sure Americans are aware of better examples of shortsighted transgressions by their government.
Here are some questions that could offer a better chance of arriving at a legal system Americans might want to live under. (a) What general freedoms need to be protected with respect to property?
(b) What general freedoms need to be protected with respect to communication?
(c) What restraints on the security apparatus are prudent and desirable given history and given the aspirations of the people?
(d) What imperfections in any policy are acknowledged and accepted given the country that Americans would aspire to have?
These kind of general questions lead to sounder decisions and clearer thinking than the muddled "what if, what if, what if" roads that people seem to want to talk about.
as far as i know, with a court order, the Fed Gov't (FBI/District Attorney) can look at almost any record you might have: tax returns, bank records, any paper in your house, telephone logs, they can wiretap your phone or even your living quarters
ReplyDeleteThe things the FBI can't look at ,ever, are pretty limited: priviledge with attorney, rabbi, doctor and spouse.
yet, for some bizarre reason, an iphone is different: the FBI can get a court order to look at your taxes, but there is this magic something that says we can't look at an iphone
if you printed out what was on your iphone, and hte FBI had a warrant to search your home and seize records, would anyone argue that the iphone printouts are somehow exempt because ..??
what am i missing ?
I must have missed something. The fourth amendment only precludes unreasonable searches and seizures. There is a court order. We are either a nation of laws or we are not. OK if Apple wants to litigate the constitutionality of the court ordered search/seizure. Given Apple's past history of compliance with other court ordered searches and similar activities, I would have thought quiet compliance in a protected, off-line environment within Apple headquarters would have little consequence for privacy - or at least no more consequence for privacy compared to other Apple encryption functionality. Remember, when their is a search warrant, if the police don't have a key, they can knock down the wall. Failure to comply, may mean an escalation, a new search warrant for all Apple encryption functionality. Else, I must have missed something here.
ReplyDeleteIt isn't Apple's iPhone. The fourth amendment allows the government to obtain a warrant to search your property. It doesn't give the government the right to command someone else to spend resources as the government's agent. The locked safe scenario is not a proper analogy. The locked safe analogy would allow the government to command the safe manufacturer to create a key when such a key does not exist. And spend the resources without compensation.
DeleteFYI, a French MP wants to force smarthphones' decryption in terrorism investigations -- subject to commercialization ban. See http://www.lefigaro.fr/actualite-france/2016/02/29/01016-20160229ARTFIG00213-antiterrorisme-apple-somme-de-cooperer-avec-la-justice-francaise.php .
ReplyDeleteOK, you must know something I do not know.
ReplyDeleteWhat would China or Russia find out from reading Hillary's e-mails that was not available from open sources?
What was it, you comment implies you know.